Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
80fd220b-e3b5-4
Explorer

IPS Attack direction

Hi everyone,
On my checkpoint 80.30 I would like to know, for a generic IPS log, which field tell me the direction of attack, in order to get who is the attacker, the pc or the server. I think that is simple for the checkpoint by looking the direction of the attack signature . Please do not confuse the session TCP/IP direcion with the attack direction.
thanks a lot.
Emi

0 Kudos
4 Replies
Nick_Doropoulos
Advisor

Hello,

You could use the IPS Security Logs found in sk144192.

I hope this helps.

0 Kudos
emiliano_mastro
Participant

hi nick, thanks for answer, but I had already seen that sk, but there isn't a field for attack direction

0 Kudos
Vladimir
Champion
Champion

I think that the attacks should be treated as correlated events and not by a single IPS log entry.

Whole point of multi-vector attacks is the difficulty in attribution and necessity of identifying all of their components. 

 

Nick_Doropoulos
Advisor

I fully agree with your assessment Vladimir!
0 Kudos